Computas is committed to processing and protecting your personal data in a safe and secure manner. This privacy statement shall help you understand which personal data we collect, for what purposes we collect personal data, how it is processed, and your rights related to the processing of personal data.
This privacy statement applies to the use of Computas AS (“Computas”) website, computas.com.
Computas processes personal data in accordance with Norwegian privacy legislation, and is the data controller for personal data that is processed in connection with the use of the website computas.com. Inquiries related to Computas’ processing of personal data shall be directed to firstname.lastname@example.org.
1. When does Computas collect personal data?
Personal data is any kind of information that can be directly or indirectly linked to an individual. Computas processes personal data in connection with the following:
- Newsletter subscriptions
- When registering for events
- When submitting answers to our non-anonymous surveys
- When contacting Computas
- When using cookies at computas.com.
- In connection with recruitment
- Processing of personal data in connection with our services, including personal data of contact persons at our customers, suppliers and partners
We also receive information indirectly for the following reasons:
- An employee has named you as next of kin
- A jobseeker has listed you as a reference
2. Computas’ processing of personal data
Below, we provide an overview of the purposes for which we typically process personal data, the types of personal data we process. We do not engage in automated individual decisions or profiling.
2.1 Customer assignments
In connection with our customer assignments, we register contact information, preferably the contact person’s name, telephone number and email address. In addition, contact information that we have received from customers is used for invoicing. Such processing of personal data is based on Article 6f of the GDPR (balancing of interests: our interest in dialogue with the client). In connection with ongoing customer assignments, Computas conducts non-anonymous surveys. We will always inform you about the purpose of the survey, and an answer is only processed against the stated purpose. Answering surveys from Computas is voluntary.
Computas’ customer assignments may involve processing of personal data. Computas customizes a set of agreements and implements the necessary measures for processing personal data in accordance with current legislation and requirements from the customer.
2.2 Administration of suppliers and partners
We use suppliers and partners in connection with our services. For these, we register contact details, primarily the contact person’s name, telephone number and email address. In addition, contact details that we have received from customers are used for invoicing and are based on Article 6f of the GDPR (balancing of interests: our interest in handling the relations between suppliers and partners) or Article 6b of the GDPR (contract).
2.3 Newsletters and event invitations
Computas sends out newsletters and event invitations by email to contact persons with our existing customers (customers we have assisted during the course of the past three years), and to others who have explicitly requested such communication. Our basis for sending such emails to contact persons with existing customers, is provided in GDPR article 6f (balancing of interests: our legitimate interest in following up customers), cf. the Marketing Control Act, Section 15(3). Our basis for sending emails to other persons, is provided in GDPR Article 6a (consent), cf. the Marketing Control Act, Section 15(1). The recipient of the newsletter can at any time withdraw the consent and unsubscribe the newsletter by using the link included in our emails. The email address will be erased from our subscription list when unsubscribing.
For sending the newsletters, we use Hubspot as a data processor to manage email addresses and send out the newsletter, and Hubspot operates the database where the information is stored. Hubspot also collects statistics about how the newsletter is read, information about the device you are using and which links are clicked on.
2.4 Events and courses
Personal data is processed in connection with registration for events.
Computas processes the personal data that the individual provides in registration forms, such as name, email address, company, and telephone number. The information is used only to manage the events. The information is stored to register you for an event. Information related to an event is erased no later than 6 months after completion.
Computas processes personal data in connection with recruitment. Computas uses the system Teamtailor to register applications in connection with job applications. Teamtailor’s privacy statement is found here https://careers.computas.com/privacy-policy.
Relating to job applications, we collect the following personal data about you:
- Name and address
- Personal ID code
- Phone number
- Academic results
Computas processes personal data relating to job applications based on:
- Fulfilling an agreement with the person concerned or implementing measures at the person’s request before entering into an agreement, cf. GDPR Article 6 (1) b.
- Consent from the subject applying for the position, cf. GDPR Article 6 (1) a.
2.6 Processing of personal data when visiting Computas’ premises
At Computas’ street level entrance in Akersgata 35-39, a camera with a microphone is installed, and the camera is activated when you ring the doorbell. An image of the entrance is displayed in real time and has no recording option.
As a visitor to Computas’ premises, you must register with the following personal data:
- Phone number
The legal basis for processing this is the General Data Protection Regulation, Article 6 (1) (f), which allows us to process information that is necessary to safeguard a legitimate interest that outweighs the consideration of the individual’s privacy. The legitimate interest is to ensure access to Computas’ premises.
4. Sharing information with third parties
Computas will not share personal data with any third party, except:
- for disclosure that follows from a statutory obligation to which Computas is subject, such as tax authorities and supervisory authorities.
- Our IT service providers and their subcontractors will be able to access personal data if needed in order for them to provide their service to us. We have data processor agreements with these parties, ensuring that they do not use information for their own purposes.
We do not sell personal data, nor disclose personal data in other manners.
Where the disclosure of personal data as described above involves a transfer outside of the EEA, we provide measures to protect the personal data, such as entering into an agreement based on the EU Standard Contractual Clauses with the recipient or ensuring that the recipient is Privacy Shield-certified. You can read more about the EU Standard Contractual Clauses here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) and about Privacy Shield here (https://www.privacyshield.gov/welcome).
5. Our pages on social media
Computas also has pages on the following social media: Facebook, LinkedIn, Instagram, Twitter and Youtube.
The social media provider stores cookies on your device when you visit and use their service. For the social media’s use of information, we refer to each social media’s privacy statement.
For the information that is registered when you visit our page on social media, we may have shared processing responsibility with the provider (limited to the data we control or have access to).
We gain access to non-personally identifiable information and view only aggregated figures about visits and activity on our pages. We use this for statistics and analysis purposes, such as measuring the number of likes, clicks and comments.
This is not personal information for us, because we can not link it to individuals.
We do not store this information ourselves, but we have access to it as long as we have our page on social media. You can erase the information about you at any time, e.g. by deleting content or comments you have published. Please note that your information will not be erased if you just stop following our page.
6. Your rights
You have multiple rights under the privacy regulations. An overview of these follows below. You can exercise your rights by sending an email to email@example.com. Below, you can request a copy of all data we process about you. We will respond to your inquiry as soon as possible, typically within one month at the latest.
Transparency: You basically have the right to access the personal data we have registered concerning you.
Rectification or erasure: You basically have the right to ask us to rectify incorrect data concerning you and to ask us to erase personal data concerning you.
Limitation: You basically have the right to ask us to stop (“freeze”) the processing of your personal data, e.g. where you believe that we process personal information concerning you illegally and you do not want us to erase it in accordance with our erasure procedures until this has been cleared up.
Data portability: You basically have the right to request that personal data concerning you be transferred in a normal, machine-readable format. Because this only applies to personal data you have given us, and where we process this on the basis of your consent or agreement we have with you, it is unlikely that this right is relevant to us.
Complaint: You basically have the right to lodge a complaint against our processing of personal data concerning you if your specific situation so requires. You can also object to our use of your data for marketing by using the link included in each email.
Complaint to the Norwegian Data Protection Authority: If you disagree with the way we process your personal data, you can submit a complaint to the Norwegian Data Protection Authority. It is much appreciated if you contact us first via firstname.lastname@example.org, so we can clear up any misunderstanding.
We have implemented technical and organizational security measures to handle personal data in a secure manner. We make regular assessments of the security of all systems used for handling personal data, and agreements have been entered into, instructing suppliers of such systems to ensure satisfactory information security.
8. Changes to the Privacy Statement
We will update this Privacy Statement when needed. You will always find the latest version of the Privacy Statement on our website.
Inquiries directed to email@example.com containing personal data are stored in order to respond to your request. Please note that inquiries you send via email are not sent encrypted, and we therefore encourage you not to send confidential, sensitive or other confidential information by email.